Reference
API reference
HTTP API surface for discovery, exporter, and auth.
telark exposes one HTTP API surface fronted by the REST package and served by the in-cluster services. Every endpoint requires an authenticated session — passkey or OIDC.
Discovery
| Method | Path | Notes |
|---|---|---|
GET | /v1/applications | Lists applications, paginated, namespace-exclusion honoured. |
GET | /v1/applications/{name} | One application with workloads, current change cycle, and plan binding. |
POST | /v1/applications/{name}/sync | Force-sync — pushes a marker onto the discovery stream. |
Snapshots & rollback
| Method | Path | Notes |
|---|---|---|
GET | /v1/applications/{name}/snapshots | Lists snapshots, newest first, retention-bounded. |
GET | /v1/applications/{name}/snapshots/{id} | One snapshot; content-negotiated application/yaml or application/json. |
POST | /v1/applications/{name}/rollback | Triggers a rollback; returns a rollback record. |
GET | /v1/applications/{name}/rollbacks/{id} | Polls a rollback to completion. |
Protection plans
| Method | Path | Notes |
|---|---|---|
GET | /v1/protection-plans | Lists plans across the cluster. |
POST | /v1/protection-plans | Creates a plan from a template. |
PATCH | /v1/protection-plans/{id} | Updates plan scope, policies, or participants. |
POST | /v1/protection-plans/{id}/cancel | Cancels a running plan. |
POST | /v1/protection-plans/{id}/reactivate | Brings a cancelled plan back. |
POST | /v1/protection-plans/{id}/duplicate | Forks a plan into a new draft. |
POST | /v1/protection-plans/{id}/prepare | Pre-runs admission to surface conflicts. |
Auth
| Method | Path | Notes |
|---|---|---|
POST | /v1/auth/passkey/register/begin | Starts WebAuthn registration. |
POST | /v1/auth/passkey/register/finish | Completes registration. |
POST | /v1/auth/passkey/login/begin | Starts a passkey login. |
POST | /v1/auth/passkey/login/finish | Completes the login, returns a session. |
GET | /v1/auth/oidc/google/start | Redirects to Google OIDC. |
GET | /v1/auth/oidc/google/callback | OIDC callback, returns a session. |
DELETE | /v1/auth/session | Logs the current session out. |
For the wire-level schema of every payload, see the CRD reference and the OpenAPI document shipped alongside each service binary.